Spectrum information query system and a secured query proxy device

ABSTRACT

A spectrum information query system, a method of querying a database storing spectrum information and a secured query proxy device are provided, the spectrum information query system comprising a database storing spectrum information; one or more spectrum utilising devices forming a first communications network; and a secured query proxy device, the secured query proxy device configured to communicate at its front-end with the database storing spectrum information, wherein the secured query proxy device is configured at its back-end for a one-way downlink to the first communications network; a decoupled source that is decoupled from the first communications network, the source being coupled to the secured query proxy device, wherein the secured query proxy device is configured to obtain information associated with the first communications network via the decoupled source, the secured query proxy device being further configured to perform encryption of obtained information associated with the first communications network obtained from the decoupled source; and wherein the secured query proxy device is further configured to apply one or more security data preservation measures to the received spectrum information prior to transmission of the received spectrum information to the first communications network via the one-way downlink.

TECHNICAL FIELD

The present disclosure relates broadly to a spectrum information querysystem, a method of querying a database storing spectrum information anda secured query proxy device.

BACKGROUND

Traditionally, spectrum is allocated in a fixed or semi-fixed mannerwhere specific frequency bands are allocated to license owners. Sincethe license owners may not fully utilise the respective allocatedspectrum at all times and at all places, there is under-utilisation ofspectrum. To improve spectrum utilisation rates, dynamic ways of usingspectrum such as Dynamic Spectrum Access (DSA) have been explored toutilise spectrum in a dynamic and/or opportunistic manner. TelevisionWhite Spaces (TVWS) is a DSA system that attempts to use spectrumdynamically in TV bands. One of the promising ways of accessingunderutilised spectrum dynamically is via a look-up to a Geo-LocationDatabase (GLDB).

Accessing a GLDB is part of a querying system where a DSA or TVWS deviceaccesses a database to obtain information on the available channels (orspectrum) at the location of the device for specific duration(s). Thedevice can then select one or more of the available channels forcommunications.

It has been recognised that a query network that queries a GLDBtypically conducts queries in a bi-directional format and over acommunications network. For example, a query engine of the queryingnetwork device typically sends the device location and other parameters,and receives a list of available channels for communications and otherparameters. It has been recognised that this setup has a potentialavenue for unauthorised access to the querying network via the devicethat conducts the querying of the GLDB.

To address the above issue, network firewalls are typically deployed ata querying network to filter traffic and additionally, mutualauthentication may be used to further enhance the security levels.Alternatively, network monitoring or installation of anti-malwaresolutions are used. However, it has been recognised by the inventorsthat these measures are deployed by software which potentially haveloopholes for attacks and manipulation. In addition, the costs to deploythe software network components are relatively expensive. Further, ithas been recognised by the inventors that such current softwaresolutions are not able to detect data tampering and protect dataprivacy.

In view of the above, there exists a need for a spectrum informationquery system, a method of querying a database storing spectruminformation and a secured query proxy device that seek to address atleast one of the above problems.

SUMMARY

In accordance with an aspect of the present disclosure, there isprovided a spectrum information query system, the system comprising adatabase storing spectrum information; one or more spectrum utilisingdevices forming a first communications network; and a secured queryproxy device, the secured query proxy device configured to communicateat its front-end with the database storing spectrum information, whereinthe secured query proxy device is configured at its back-end for aone-way downlink to the first communications network; a decoupled sourcethat is decoupled from the first communications network, the sourcebeing coupled to the secured query proxy device, wherein the securedquery proxy device is configured to obtain information associated withthe first communications network via the decoupled source, the securedquery proxy device being further configured to perform encryption ofobtained information associated with the first communications networkobtained from the decoupled source; and wherein the secured query proxydevice is further configured to apply one or more data preservationmeasures to the received spectrum information prior to transmission ofthe received spectrum information to the first communications networkvia the one-way downlink.

The system may further comprise the secured query proxy device beingconfigured to query the database storing spectrum information using theinformation associated with the first communications network obtainedfrom the decoupled source that is decoupled from the firstcommunications network.

The secured query proxy device may be configured to encode the receivedspectrum information as one of the one or more data preservationmeasures.

The secured query proxy device may be configured to encrypt the receivedspectrum information as one of the one or more data preservationmeasures.

The secured query proxy device may be configured to schedule a periodictransmission of the received spectrum information to the firstcommunications network via the one-way downlink as one of the one ormore data preservation measures.

The secured query proxy device may comprise a user interface module tofacilitate the decoupled source that is decoupled from the firstcommunications network.

The secured query proxy device may be configured to access anotherdatabase that functions as a decoupled source that is decoupled from thefirst communications network, the another database storing theinformation associated with the first communications network.

The system may further comprise another secured query proxy device tofunction as the decoupled source that is decoupled from the firstcommunications network and as a proxy between the secured query proxydevice and the first communication network, the another secured queryproxy device comprising at least one one-way communication link.

At least one of the one or more spectrum utilising devices may beconfigured to perform a reversal of the one or more data preservationmeasures to recover the received spectrum information.

The database storing spectrum information may comprise a Geo-LocationDatabase (GLDB) and the information associated with the firstcommunications network may comprise geographical location information ofthe one or more spectrum utilising devices.

The secured query proxy device may be further configured to processreceived spectrum information received from the database storingspectrum information into non-executable information prior toapplication of the one or more data preservation measures.

In accordance with another aspect of the present disclosure, there isprovided a method of querying a database storing spectrum information,the method comprising providing a database storing spectrum information;providing one or more spectrum utilising devices forming a firstcommunications network; and providing a secured query proxy devicefunctioning as a proxy device between the first communications networkand the database storing spectrum information; providing a decoupledsource that is decoupled from the first communications network, thesource being coupled to the secured query proxy device; obtaininginformation associated with the first communications network at thesecured query proxy device via the decoupled source; encrypting at thesecured query proxy device the obtained information associated with thefirst communications network obtained from the decoupled source; usingthe secured query proxy device to communicate at its front-end with thedatabase storing spectrum information; using the secured query proxydevice at its back-end for a one-way downlink to the firstcommunications network; and applying one or more data preservationmeasures at the secured query proxy device to the received spectruminformation prior to transmission of the received spectrum informationto the first communications network via the one-way downlink.

The method may further comprise querying the database storing spectruminformation using the secured query proxy device that is in turn usingthe information associated with the first communications networkobtained from the decoupled source that is decoupled from the firstcommunications network.

The method may further comprise encoding the received spectruminformation as one of the one or more data preservation measures.

The method may further comprise encrypting the received spectruminformation as one of the one or more data preservation measures.

The method may further comprise scheduling a periodic transmission ofthe received spectrum information by the secured query proxy device tothe first communications network via the one-way downlink as one of theone or more data preservation measures.

The method may further comprise providing a user interface module at thesecured query proxy device to facilitate the decoupled source that isdecoupled from the first communications network.

The method may further comprise accessing another database thatfunctions as a decoupled source that is decoupled from the firstcommunications network, the another database storing the informationassociated with the first communications network.

The method may further comprise providing another secured query proxydevice functioning as the decoupled source that is decoupled from thefirst communications network and as another proxy device between thefirst communications network and the secured query proxy device; theanother secured query proxy device comprising at least one one-waycommunication link.

The method may further comprise performing a reversal of the one or moredata preservation measures to recover the received spectrum informationat at least one of the one or more spectrum utilising devices.

The database storing spectrum information may comprise a Geo-LocationDatabase (GLDB) and the information associated with the firstcommunications network may comprise geographical location information ofthe one or more spectrum utilising devices.

The method may further comprise processing at the secured query proxydevice received spectrum information received from the database storingspectrum information into non-executable information prior toapplication of the one or more data preservation measures.

In accordance with yet another aspect of the present disclosure, thereis provided a secured query proxy device, the device comprising afront-end communications module, the front-end communications moduleconfigured for multi-directional communications; a back-endcommunications module, the back-end communications module configured fora one-way communication; an input module, the input module configured tocouple to a decoupled source that is decoupled from a communicationsnetwork; an encryption module, the encryption module configured toencrypt information associated with the communications network; one ormore information-processing modules, the one or moreinformation-processing modules being configured to apply one or moredata preservation measures to the received information prior totransmission of the received information via the back-end communicationsmodule for the one-way communication.

The device may further comprise the front-end communications modulebeing configured to query a database storing spectrum information usinginformation associated with the communications network obtained from thedecoupled source that is decoupled from the communications network.

The device may further comprise the one or more information-processingmodules being configured to encode the received information as one ofthe one or more data preservation measures.

The device may further comprise the one or more information-processingmodules being configured to encrypt the received information as one ofthe one or more data preservation measures.

The back-end communications module may be configured to schedule aperiodic transmission of the received information as one of the one ormore data preservation measures.

The input module may comprise a user interface module to facilitate thedecoupled source that is decoupled from the communications network.

The input module may be configured to access another database thatfunctions as a decoupled source that is decoupled from thecommunications network, the another database storing the informationassociated with the communications network.

The one or more information-processing modules may be further configuredto process received spectrum information received from the databasestoring spectrum information into non-executable information prior toapplication of the one or more data preservation measures.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the present disclosure will be betterunderstood and readily apparent to one of ordinary skill in the art fromthe following written description, by way of example only, and inconjunction with the drawings, in which:

FIG. 1 is a schematic diagram illustrating a spectrum information querysystem in an exemplary embodiment.

FIG. 2A is a schematic diagram illustrating a spectrum information querysystem in an exemplary embodiment.

FIG. 2B is a schematic diagram illustrating components of a securedquery proxy device of FIG. 2A.

FIG. 3 is a schematic diagram illustrating spectrum information querysystem in another exemplary embodiment.

FIG. 4 is a schematic diagram illustrating components of a spectrumutilising device in an exemplary embodiment.

FIG. 5 is a schematic flowchart illustrating a method of querying adatabase storing spectrum information in an exemplary embodiment.

FIG. 6 is a schematic diagram illustrating a secured query proxy devicein an exemplary embodiment.

FIG. 7 is a schematic flowchart illustrating a query process flow of aspectrum information querying system in an exemplary embodiment.

DETAILED DESCRIPTION

Exemplary embodiments described below may provide a spectrum informationquery system, a method of querying a database storing spectruminformation and a secured query proxy device.

In an exemplary embodiment, the spectrum information query systemcomprises a database storing spectrum information, one or more spectrumutilising devices forming a first communications network, and a securedquery proxy device configured to communicate at its front-end with thedatabase storing spectrum information via a second communicationsnetwork. In the exemplary embodiment, the secured query proxy device isconfigured at its back-end to comprise a one-way downlink to the firstcommunications network. Further, the secured query proxy device isconfigured to obtain information associated with the firstcommunications network via a source that is decoupled from the firstcommunications network. The secured query proxy device is alsoconfigured to perform encryption of obtained information associated withthe first communications network obtained via the decoupled source.Further, in the exemplary embodiment, the secured query proxy device isconfigured to apply one or more data preservation measures, prior totransmitting the processed spectrum information to the firstcommunications network via the one-way downlink.

In exemplary embodiments, the one or more data preservation measures mayinclude one or more measures to protect or ensure data integrity, e.g.encoding of received spectrum information and/or scheduling periodicre-transmission of received spectrum information. The one or more datapreservation measures may also include one or more security measures,e.g. encryption of received spectrum information.

In exemplary embodiments, the secured query proxy device mayadditionally be configured to receive spectrum information from thedatabase and process the received spectrum information e.g. intonon-executable information and/or plain-text information prior toapplication of the one or more data preservation methods.

In the exemplary embodiments herein, the term “decoupled source” from acommunications network is understood to mean that a source is notdirectly linked to the communications network, or more particularly,traffic cannot be transmitted through the source to reach thecommunications network.

In some exemplary embodiments, a method, system and device for securedspectrum access using a Geo-Location Database (GLDB) may be provided. Inthese exemplary embodiments, the method, system and device may isolateone or more DSA or TVWS networks from the link that accesses the GLDB.In these exemplary embodiments, the method, system and device may useunidirectional traffic through hardware isolation to eliminate anypotential attacks or hacking that are performed via software.

Detailed examples of various exemplary, non-limiting embodiments aredescribed below.

FIG. 1 is a schematic diagram illustrating a spectrum information querysystem 100 in an exemplary embodiment. The spectrum information querysystem 100 comprises a database 102 storing spectrum information. Thespectrum information query system 100 comprises one or more spectrumutilising devices forming a first communications network 104 and asecured query proxy device 106.

In the exemplary embodiment, the database 102 is in the form of, but isnot limited to, a computer server and comprises a processing module (notshown). The database 102 stores spectrum information that may beutilised by spectrum utilising devices such as communications devices,televisions, wireless microphones etc.

In the exemplary embodiment, the secured query proxy device 106 isconfigured to communicate at its front-end with the database 102 storingspectrum information. The communication may be via a secondcommunications network 108 such as, but not limited to, a communicationsnetwork or the internet etc. That is, the secured query proxy device 106may transmit and receive information to and from the database 102. Seenumerals 112 and 114.

In the exemplary embodiment, the secured query proxy device 106 isconfigured at its back-end to comprise or for a one-way downlink to thefirst communications network 104. Thus, the secured query proxy device106 may only transmit information to the first communications network104. See numeral 116.

In the exemplary embodiment, the secured query proxy device 106 isconfigured to obtain information associated with the firstcommunications network 104 via a source 110 that is decoupled from thefirst communications network.

In the exemplary embodiment, the secured query proxy device 106 isconfigured to perform encryption on information associated with thefirst communications network 104 obtained via the source 110, e.g. priorto storage of the information within the secured query proxy device 106.For example, the information obtained via the source 110 is encryptedand subsequently, the encrypted information is stored at a memory module(not shown) within the secured query proxy device 106.

Further, in the exemplary embodiment, the secured query proxy device 106is configured to apply one or more data preservation measures to thereceived spectrum information, prior to transmitting the receivedspectrum information to the first communications network 104 via theone-way downlink.

In exemplary embodiments, the one or more data preservation measures mayinclude one or more measures to protect or ensure data integrity, e.g.encoding of received spectrum information and/or scheduling periodicre-transmission of received spectrum information. The one or more datapreservation measures may also include one or more security measures,e.g. encryption of received spectrum information.

In the exemplary embodiment, the secured query proxy device 106 may befurther configured to pre-process or process received spectruminformation e.g. into non-executable information and/or plain-textinformation such that the information is not able to effect programmingchanges or operations of the devices of the first communications network104, i.e. for the prevention of attacks or hacking. The processing maybe performed prior to application of the one or more data preservationmethods.

In the exemplary embodiment, the secured query proxy device 106 isfurther configured to query the database 102 using the informationassociated with the first communications network 104 to obtain spectruminformation.

In the exemplary embodiment, at least one of the one or more spectrumutilising devices is configured to perform a reversal of the one or moredata preservation measures to recover the received spectrum information.

FIG. 2A is a schematic diagram illustrating a spectrum information querysystem 200 in an exemplary embodiment. The spectrum information querysystem 200 functions substantially similarly to the spectrum informationquery system 100 described with reference to FIG. 1.

In the exemplary embodiment, the spectrum information query system 200comprises a database 202 storing spectrum information implemented as aGeo-Location Database (GLDB) 202. The spectrum information query system200 also comprises one or more TVWS devices e.g. 212, 214, 216, 218forming a TVWS network 204, and a secured query proxy device 206 termedas a Secured Database Access System (SecDAS) 206. The TVWS network 204comprises a TVWS Master Device 212 that is in turn coupled and is ableto communicate, using wired connections, wireless connections or both,with other TVWS devices 214, 216, 218.

The SecDAS 206 is disposed in the spectrum information query system 200between the TVWS network 204 and the GLDB 202.

In the exemplary embodiment, the SecDAS 206 is configured to communicateat its front-end with the database 202 via a second communicationsnetwork 208. In the exemplary embodiment, the second communicationsnetwork 208 comprises the internet. For example, the SecDAS 206 mayquery the GLDB 202 for spectrum information based on information, e.g.comprising geographical location, associated with the one or more TVWSdevices e.g. 212, 214, 216, 218 forming the TVWS network 204 via thesecond communications network 208. The SecDAS 206 may receive spectruminformation based on the query from the GLDB 202. Thus, the SecDAS 206is configured for multi-directional communications, e.g. transmit andreceive information/data. See numeral 220. Thus, data may be sent andreceived using e.g. typical internet protocols such as https etc. In theexemplary embodiment, the SecDAS 206 is further configured at itsback-end for a one-way downlink to the TVWS network 204. The SecDAS 206may only transmit information to the TVWS network 204. See numeral 222.

In the exemplary embodiment, the SecDAS 206 is configured to obtaininformation associated with the TVWS network 204 via a decoupled source210 that is decoupled from the TVWS network 204. In the exemplaryembodiment, the information associated with the TVWS network 204comprises geographical location of each device and other parametersrelated to the one or more TVWS devices e.g. 212, 214, 216, 218.

In the exemplary embodiment, the SecDAS 206 is configured to performencryption on the information associated with the TVWS network 204obtained via the decoupled source 210, e.g. prior to storage of theinformation within the SecDAS 206. For example, the information obtainedvia the decoupled source 210 is encrypted and subsequently, theencrypted information is stored in a memory module within the SecDAS206.

In addition, the SecDAS 206 is configured to apply one or more datapreservation measures, e.g. encoding non-executable information, priorto transmitting the processed spectrum information to the TVWS network204 via the one-way downlink 222.

In exemplary embodiments, the one or more data preservation measures mayinclude one or more measures to protect or ensure data integrity, e.g.encoding of received spectrum information and/or scheduling periodicre-transmission of received spectrum information. The one or more datapreservation measures may also include one or more security measures,e.g. encryption of received spectrum information.

In the exemplary embodiment, the SecDAS 206 may additionally beconfigured to pre-process received spectrum information, i.e. spectruminformation received from the GLDB 202 as a result of the query. Thereceived spectrum information may be processed by the SecDAS 206 e.g.into non-command, non-executable information and/or plain-textinformation. That is, the spectrum information is processed so that theprocessed information is not able to effect programming changes oroperations of the one or more TVWS devices e.g. 212, 214, 216, 218 ofthe TVWS network 204, i.e. for the prevention of attacks or hacking. Theprocessing may be performed prior to application of the one or more datapreservation methods.

During use, the SecDAS 206 obtains information associated with the TVWSnetwork 204 via the source 210 that is decoupled from the TVWS network204. In the exemplary embodiment, the source 210 may be facilitatedusing or coupled to e.g. a user interface module coupled to the SecDAS206. The decoupled source 210 may be, but not limited to, a graphicaluser interface (GUI) module, for a user to input e.g. geographicallocation information of the one or more TVWS devices e.g. 212, 214, 216,218. The SecDAS 206 encrypts the information obtained via the source 210e.g. prior to storage in the SecDAS 206. The encrypted information isobtained from the decoupled source 210 and is decrypted within theSecDAS 206 prior to transmitting the decrypted information to the GLDB202. The SecDAS 206 transmits, as a query, the decrypted informationcomprising the locations of the devices and other parameters to the GLDB202. Such parameters may exemplarily include device identifiers or IDsof devices, type of devices, elevation height of devices etc. In theexemplary embodiment, the GLDB 202 performs the query of the databasestoring spectrum information using the information and in return, theGLDB 202 transmits the results of the query to the SecDAS 206. Theresults of the query, or the query results, may comprise a list ofavailable channels for communications and other parameters. Suchparameters may exemplarily include validity time of the channels forcommunication, allowed power level for transmission etc. Thetransmission and receipt of information at the SecDAS 206 is shown atnumeral 220.

In the use, the SecDAS 206 applies one or more data preservationmeasures. The one or more data preservation measures may include one ormore measures to protect or ensure data integrity, e.g. encoding ofreceived spectrum information and/or scheduling periodic re-transmissionof received spectrum information. The one or more data preservationmeasures may also include one or more security measures, e.g. encryptionof received spectrum information. The SecDAS 206 then proceeds totransmit the secured spectrum information to the TVWS network 204 viathe one-way downlink 222.

The SecDAS 206 may additionally pre-process, or process, prior tofurther transmission, the received query results or received spectruminformation as a result of the query. The SecDAS 206 may process thereceived spectrum information into non-command, non-executableinformation and/or plain-text information prior to application of theone or more data preservation methods.

At the TVWS device 212, a reversal of the one or more data preservationmeasures is performed. The received spectrum information is decoded. Thelist of available channels is then obtained and further transmitted toother devices e.g. 214, 216, 218 so that suitable frequency channels maybe selected for communications.

In an alternative scenario whereby there is an instance of first devicepower up or re-power up, the TVWS device 212 selects one of theavailable channels and broadcasts its information. Other devices e.g.214, 216, 218 may scan through a list of possible frequencies anddiscover the TVWS device 212. This scanning is prior to the otherdevices 214, 216, 218 selecting a frequency or channel for transmission.Subsequently, the TVWS device 212 broadcasts the available channels tothe other devices 214, 216, 218 for these devices to receive/transmitinformation.

FIG. 2B is a schematic diagram illustrating components of the SecDAS206.

In the exemplary embodiment, the SecDAS 206 comprises a user interfacemodule 224 coupled to a database query engine module 226. The databasequery engine module 226 comprises an encryption module 227. The databasequery engine module 226 is configured to perform encryption ofinformation received from the user interface module 224 using theencryption module 227. The encryption module 227 is also capable ofperforming decryption of encrypted information. The database queryengine module 226 is coupled to an encoding module 228. Further, theencoding module 228 is coupled to a one-way hardware link module 230.The components of the SecDAS 206 are coupled to a processing module (notshown) that is configured to control the functions of the variouscomponents. The description of “hardware” for the one-way hardware linkin the exemplary embodiments herein indicates that the security is basedon hardware implementations, as opposed to merely softwarecommands/algorithms. It is recognised by the inventors that, bymechanically or physically limiting transmission to the one-way downlinkusing hardware, it may become impossible for attacks on the SecDAS to becarried out remotely. It is recognised by the inventors that attacks onsoftware implementations may be carried out via manipulating softwarecommands, in which even firewalls may be compromised.

In the exemplary embodiment, the encoding module 228 is configured toperform encoding operations as a data preservation measure. The encodingmodule 228 may also optionally perform encryption operations as anotherdata preservation measure. In such configurations, the encoding module228 may be termed as an encoding and encryption module.

In the exemplary embodiment, as described with reference to FIG. 2A, dueto the one-way downlink 222, there is no physical uplink traffic fromthe TVWS network 204 to the SecDAS 206. Therefore, there is no uplinktraffic from the TVWS network 204 to the second communications network208. That is, data only flows in the downlink from the SecDAS 206towards the one or more TVWS devices e.g. 212, 214, 216, 218. Therefore,in the exemplary embodiment, the likelihood of hackers, for example,stealing information from the secured TVWS network 204 may beeliminated.

In the exemplary embodiment, when the SecDAS 206 queries the GLDB 202for spectrum information, the SecDAS 206 uses information (such as thegeographical locations of the TVWS devices e.g. 212, 214, 216, 218). Asthere is no uplink traffic, a decoupled source 210 that is decoupledfrom the TVWS network 204 is provided for use with the SecDAS 206. Inthe exemplary embodiment, the decoupled source 210 that is decoupledfrom the TVWS network 204 is implemented with the user interface module224. The user interface module 224 is configured for an administrator oruser to input the information associated with the TVWS network 204, e.g.TVWS device information. It has been recognised that the informationassociated with the TVWS network 204 such as TVWS device information maynot change frequently, especially for TVWS devices with fixedgeographical locations. Therefore, given the relative non-variance, itis recognised by the inventors that it is workable for administrators toinput the information e.g. via a GUI.

In the exemplary embodiment, the user interface module 224 obtainsinputted information from the decoupled source 210, e.g. a userinterface such as a GUI, and transmits the inputted information to thedatabase query engine module 226. The decoupled source 210 (e.g. theGUI) may optionally be configured to, upon receiving spectruminformation from the GLDB, display the received spectrum information tothe user (e.g. via the GUI).

Therefore, with the usage of the decoupled source 210, the databasequery engine module 226 receives information from the user interfacemodule 224 instead of receiving information directly from the TVWSdevices e.g. 212, 214, 216, 218.

In the exemplary embodiment, the SecDAS 206 functions as a proxy device.That is, after information associated with the TVWS devices are inputtedinto the user interface module 224, the database query engine module 226is configured to transmit the inputted information as a query to theGLDB 202 on behalf of the TVWS network 204 for spectrum information. Thedatabase query engine module 226 is also configured to receive queryresults from the GLDB 202. For example, the database query engine module226 receives the spectrum information (e.g. a list of channels availablefor communications) together with other network parameters transmittedfrom the GLDB 202 and outputs the received spectrum information to othercomponents of the SecDAS 206.

In the exemplary embodiment, the database query engine module 226 isconfigured to transmit the received spectrum information to one or moreinformation-processing modules. For example, the received spectruminformation is transmitted for one or more data preservation measures tobe applied to the spectrum information. The received spectruminformation may also be processed into non-executable information priorto application of the one or more data preservation measures.

An example of an information-processing module is the encoding module228. The encoding module 228 is configured to apply encoding to receivedspectrum information as a data preservation measure. Encoding may beapplied in the form of, but not limited to, parity check or using otheradvanced encoding schemes. The encoded information/data may thenoptionally, but not necessarily, undergo encryption as another datapreservation measure. In the exemplary embodiment, encryption isadditionally applied to ensure data integrity. The encoded and encrypteddata is in the form of, but not limited to, plain text or othernon-command format. As another example, the encoding module 228 may befurther configured to process the received spectrum information intonon-executable information prior to application of the one or more datapreservation measures such as encoding of the received spectruminformation.

In the exemplary embodiment, the encoded and encrypted data is thentransmitted to the one-way hardware link module 230 of the SecDAS 206for further transmission to the TVWS devices e.g. 212, 214, 216, 218.The one-way hardware link module 230 may be implemented in the form of,but not limited to, a one-way serial interface. In some exemplaryembodiments, the serial interface is provided with a TX (transmit) linethat is present/intact but with a RX (receive) line that is physicallycut off. Alternatively, a one-way Ethernet cable may be used. For otherexemplary embodiments, a one-way broadcast or other one-way links thatare configured to only allow information to flow in one direction may beused using hardware implementations. The transmission ofinformation/data from via the downlink 222 to the TVWS network 204 maybe by wired or wireless connection.

The inventors have recognised that as the exemplary embodiment uses theone-way downlink 222, the SecDAS 206 does not receive acknowledgementsfrom the TVWS devices e.g. 212, 214, 216, 218 that indicate that thedevices e.g. 212, 214, 216, 218 have successfully received thetransmitted data from the one-way hardware link module 230. Thus,additionally in the exemplary embodiment, the encoding module 228 may beoptionally configured to schedule a periodic transmission as anotherdata preservation measure and to periodically transmit the same data(i.e. even if there is no update to the content) in order to avoidpossibilities of errors in transmission by the one-way hardware linkmodule 230. In some exemplary embodiments, control information may betransmitted together with the data.

The inventors have also recognised that, utilising periodictransmission, a period of data transmission may be used as an additionalpiece of information for data integrity checks (as yet another datapreservation measure). For example, by checking the timing periodicityof the data transmission, or by performing a parity check based ontiming information, it may be determined if data integrity has beencompromised.

In an exemplary scenario, the SecDAS 206 may be configured to transmitthe same encoded (and optionally encrypted) data to the TVWS network 204a predetermined number of times, e.g. 4 times, with a fixed timeinterval, e.g. 60 seconds, between each transmission. The set oftransmissions may occur once SecDAS receives updates on the queryresults from GLDB 202. In the exemplary scenario, if the TVWS network204 receives information not matching such a pattern (i.e. number oftransmissions with predetermined time interval between transmissions)from the SecDAS 206, this may indicate that information flow from theSecDAS 206 has been modified or compromised.

In the above described exemplary embodiment, the decoupled source 210 isimplemented using a user interface. However, it will be appreciated thatthe exemplary embodiments are not limited as such. The decoupled source210 may be alternatively implemented using a read-only database thatstores information associated with the first communications network e.g.the TVWS network 204.

As yet another alternative, the decoupled source 210 may be implementedusing a second secured query proxy device that functions substantiallysimilarly to the secured query proxy device 106 or the SecDAS 206. Suchan implementation may be for a scenario whereby the spectrum utilisingdevices are relatively mobile as compared to the scenario described withreference to FIGS. 2A and 2B. Thus, the geographical locations of thespectrum utilising devices may change more frequently.

FIG. 3 is a schematic diagram illustrating a spectrum information querysystem 300 in another exemplary embodiment. The spectrum informationquery system 300 functions substantially similarly to the spectruminformation query system 100 described with reference to FIG. 1 and thespectrum information query system 200 described with reference to FIG.2A and FIG. 2B.

In the exemplary embodiment, the spectrum information query system 300comprises a database 302 storing spectrum information (which functionssubstantially identically to the database 102 of FIG. 1) and a firstsecured query proxy device 306 (which functions substantiallyidentically to the secured query proxy device 106 of FIG. 1). Thespectrum information query system 300 further comprises one or morespectrum utilising devices forming a first communications network 304which functions substantially similarly to the first communicationsnetwork 104 described with reference to FIG. 1. In this exemplaryembodiment, the one or more spectrum utilising devices may have varyinggeographical location information.

In the exemplary embodiment, the first secured query proxy device 306 isconfigured to communicate at its front-end with the database 302 via asecond communications network 308, wherein the second communicationsnetwork 308 functions substantially identically to the secondcommunications network 108 described with reference to FIG. 1. In theexemplary embodiment, the first secured query proxy device 306 isconfigured to query the database 302 for spectrum information based oninformation associated with the one or more spectrum utilising devicesforming the first communications network 304.

In the exemplary embodiment, the spectrum information query system 300additionally comprises a second secured query proxy device 310. Thesecond secured query proxy device 310 functions to provide a source thatis decoupled from the first communications network 304. The secondsecured query proxy device 310 is configured to receive informationassociated with the first communications network. The second securedquery proxy device 310 is coupled to the first secured query proxydevice 306 to provide the information associated with the firstcommunications network 304 in a decoupled manner such that the firstsecured query proxy device 306 obtains the information associated withthe first communications network 304 indirectly (or not directly fromthe first communications network 304).

The second secured query proxy device 310 is configured to communicateat its front-end with the first communications network 304 in auni-directional manner. In the exemplary embodiment, the second securedquery proxy device 310 is configured to receive information associatedwith the first communications network 304 from a transmission from thefirst communications network 304. That is, the first communicationsnetwork 304 is configured to transmit the information associated withthe first communications network 304, or updates to the informationassociated with the first communications network 304, to the secondsecured query proxy device 310. In the exemplary embodiment, theinformation comprises geographical locations of the one or more spectrumutilising devices forming the first communications network 304. Seenumeral 312.

In the exemplary embodiment, the second secured query proxy device 310is configured at its back-end to comprise or for a one-way downlink tothe first secured query proxy device 306. Thus, the second secured queryproxy device 310 may only transmit information to the first securedquery proxy device 306. See numeral 314.

Therefore, the second secured query proxy device 310 functions as aproxy device to receive information associated with the firstcommunications network 304, and to only transmit the obtainedinformation associated with the first communications network 304 via theone-way downlink 314 to the first secured query proxy device 306. In theexemplary embodiment, the first secured query proxy device 306 thusreceives the information associated with the first communicationsnetwork 304 from a source that is decoupled, due to the one-way downlinkof the second secured query proxy device 310, from the firstcommunications network 304.

In the exemplary embodiment, the second secured query proxy device 310periodically receives the information associated with the firstcommunications network 304 e.g. from a push update from the firstcommunications network 304. The second secured query proxy device 310periodically transmits the received information to the first securedquery proxy device 306.

In the exemplary embodiment, the second secured query proxy device 310may be configured to apply one or more data preservation methods, suchas encoding, to the information received from the first communicationsnetwork 304, prior to the transmission of the received information tothe first secured query proxy device 306. In such a scenario, the firstsecured query proxy device 306 may be configured to perform a reversalof the one or more data preservation methods to obtain the informationassociated with the first communications network 304. For example,decoding may be performed at a database query engine module (comparedatabase query engine module 226 of FIG. 2B).

In the exemplary embodiment, the second secured query proxy device 310comprises at least a one-way communication link. See numerals 312, 314.The exemplary embodiment may be modified to have other forms. That is,if the communication direction at numeral 312 is implemented as two-way,the communication direction at numeral 314 is implemented as one-way.Alternatively, if the communication direction at numeral 312 isimplemented as one-way, the communication direction at numeral 314 maybe implemented as two-way. It is recognised that the second securedproxy device 310 may be an identical device to the first secured proxydevice described with reference to e.g. FIGS. 1 and 2A. For example, thesecond secured proxy device 310 may have a two-way communication link atits front-end (e.g. towards the first communications network 304) and aone-way communication link at its back-end (e.g. towards the firstsecured query proxy device 306).

FIG. 7 is a schematic flowchart 700 illustrating a query process flow ina spectrum information querying system in an exemplary embodiment. Thespectrum information querying system is substantially similar to thespectrum information querying system 200 described with reference toFIGS. 2A and 2B.

At step 702, a spectrum information query is begun.

At step 704, data such as information associated with one or more TVWSdevices forming a TVWS network (compare TVWS network 204 of FIG. 2A) isretrieved for a secured query proxy device. For example, the informationassociated with the TVWS network includes geographical information ofthe one or more TVWS devices forming the TVWS network. The data may beretrieved from a decoupled source (compare decoupled source 210 of FIG.2A) or from a database within the secured query proxy device. Forexample, see numeral 706.

At step 708, a user may be allowed to enter new data and/or edit thedata of step 704. The user may use a graphical user interface (GUI) viaexecution of an application. In the exemplary embodiment, theapplication is a web software application.

At step 710, the data is encrypted at the secured query proxy device(compare encryption module 227 of FIG. 2B).

At step 712, the encrypted data is stored in a database in the securedquery proxy device. In exemplary embodiments, the database may be storedin a storage module within the secured query proxy device.

At step 714, prior to performing a query to a database storing spectruminformation e.g. a GLDB, the secured query proxy device retrieves theencrypted data and performs decryption of the encrypted data.

At step 716, the secured query proxy device transmits a query to theGLDB (compare GLDB 202 of FIG. 2A) using the decrypted data.

At step 718, the GLDB transmits a query result comprising, but notlimited to, a list of frequencies to the secured query proxy device.

At step 720, the secured query proxy device applies one or more datapreservation measures to received data, i.e. the received spectruminformation. In the exemplary embodiment, the one or more datapreservation measures include encoding the received data.

At step 722, the secured query proxy device transmits the encoded dataof step 720 to a spectrum utilising device, for example, a TVWS masterdevice (compare TVWS Master Device 212 of FIG. 2A) via a one-wayhardware downlink (compare one-way hardware link module 230 of FIG. 2B).

At step 724, the spectrum utilising device performs a reversal of theone or more data preservation measures. In the exemplary embodiment, thespectrum utilising device decodes the data of steps 720 and 722 from thesecured query proxy device to recover the spectrum information of step718 for further processing.

At step 726, the spectrum information query ends.

FIG. 4 is a schematic diagram illustrating components of a spectrumutilising device 400 in an exemplary embodiment.

In the exemplary embodiment, the spectrum utilising device 400 may be amaster device or a slave device of a communications network, or may be astandalone device of a communications network. The spectrum utilisingdevice 400 is capable of functioning or co-operating with a securedquery proxy device 106, 206, 306 described with reference to FIGS. 1, 2Aand 3 respectively.

In the exemplary embodiment, the spectrum utilising device 400 comprisesa query proxy device interface module 402 and a spectrum manager module404 coupled to the query proxy device interface module 402. Thecomponents of the spectrum utilising device 400 are coupled to aprocessing module (not shown) that is configured to control thefunctions of the various components.

In the exemplary embodiment, the query proxy device interface module 402is configured to receive and interpret data transmitted by a securedquery proxy device (compare 106 of FIG. 1, 206 of FIG. 2A, 306 of FIG.3).

In the exemplary embodiment, the functionality of the query proxy deviceinterface module 402 is to recover the spectrum information that hasbeen processed by one or more information-processing modules of thesecured query proxy device (e.g. compare the encoding module 228 of FIG.2B). Thus, the query proxy device interface module 402 may function toreverse or to conduct opposite operations of the one or moreinformation-processing modules of the secured query proxy device (e.g.compare the encoding module 228 of FIG. 2B).

In the exemplary embodiment, the query proxy device interface module 402is configured to optionally decrypt the received data (if encryption hasbeen performed at the secured query proxy device), to decode the dataand to check that the parity is correct.

In the exemplary embodiment, the query proxy interface module 402 may beadditionally configured to check the integrity of the data transmittedfrom the secured query proxy device to the spectrum utilising device400. As the format of the data transmitted to the spectrum utilisingdevice 400 is recognised to be substantially fixed, it is recognizedthat the data received at the spectrum utilising device 400 may bechecked and ensured that the data format complies with a predeterminedformat before the spectrum information received at the spectrumutilising device 400 is further utilised.

In the exemplary embodiment, the query proxy device interface module 402additionally checks the data received from multiple transmissions (i.e.one or more) in order to compare the decoded data from each transmissionto ensure consistency. The decoded data (such as the list of availablechannels and other network parameters) is then transmitted to thespectrum manager module 404. It is recognised that the query proxyinterface module 402 and the spectrum manager module 404 may communicatein a two-way direction. However, the exemplary embodiment is not limitedas such. That is, the query proxy interface module 402 may be configuredto communicate with the spectrum manager module 404 in a one-waydirection.

The spectrum manager module 404 is configured to select suitablefrequency channels for communications. In some exemplary embodimentswhereby the spectrum utilising device 400 is functioning as a Masterdevice of a communications network e.g. a TVWS Master device, thespectrum manager module 404 is also configured to transmit the selectedfrequency channels to one or more other spectrum utilising devices (e.g.to TVWS slave devices).

FIG. 5 is a schematic flowchart 500 illustrating a method of querying adatabase storing spectrum information in an exemplary embodiment. Atstep 502, a database storing spectrum information is provided. At step504, one or more spectrum utilising devices forming a firstcommunications network are provided. At step 506, a secured query proxydevice is provided functioning as a proxy device between the firstcommunications network and the database storing spectrum information. Atstep 508, a decoupled source that is decoupled from the firstcommunications network is provided, the source being coupled to thesecured query proxy device. At step 510, information associated with thefirst communications network is obtained at the secured query proxydevice via the decoupled source. At step 512, the obtained informationassociated with the first communications network obtained from thedecoupled source is encrypted at the secured query proxy device. At step514, the secured query proxy device is used to communicate at itsfront-end with the database storing spectrum information. At step 516,the secured query proxy device is used at its back-end for a one-waydownlink to the first communications network. At step 518, one or moredata preservation measures is applied at the secured query proxy deviceto the received spectrum information prior to transmission of thereceived spectrum information to the first communications network viathe one-way downlink.

In the exemplary embodiment, the one or more data preservation measuresmay comprise encoding, encryption, scheduling a periodic transmission ofthe received spectrum information via the one-way downlink etc. In theexemplary embodiment, another secured query proxy device functioning asanother proxy device may be provided between the first communicationsnetwork and the secured query proxy device, whereby the another securedquery proxy device comprises at least one one-way communication link. Inthe exemplary embodiment, the method may additionally comprise a step ofperforming a reversal of the one or more data preservation measures torecover the received spectrum information at at least one of the one ormore spectrum utilising devices. In the exemplary embodiment, the methodmay additionally comprise a step of processing at the secured queryproxy device received spectrum information received from the databasestoring spectrum information into non-executable information prior toapplication of the one or more data preservation measures.

FIG. 6 is a schematic diagram illustrating a secured query proxy device600 in an exemplary embodiment. The secured query proxy device 600comprises a processing module 602 for controlling the various functionsand components of the device 600.

The processing module 602 is coupled to a front-end communicationsmodule 604, the front-end communications module 604 is configured formulti-directional communication. See numeral 606. The processing module602 is coupled to a back-end communications module 608, the back-endcommunications module 608 is configured for a one-way communication. Seenumeral 610. In addition, the processing module 602 is coupled to aninput module 612, the input module 612 is configured to couple to adecoupled source that is decoupled from a communications network (notshown). The processing module 602 is also coupled to one or moreinformation-processing modules e.g. 614. The one or moreinformation-processing modules e.g. 614 is configured to encryptinformation obtained from the decoupled source. Further, in theexemplary embodiment, the one or more information-processing modulese.g. 614 is configured to apply one or more data preservation measuresto the received information prior to transmission of the receivedinformation via the back-end communications module 608 for the one-waycommunication 610.

In the exemplary embodiment, the one or more information-processingmodules e.g. 614 may be configured to process received informationreceived at the front-end communications module 604 into non-executableinformation and/or plain-text information prior to application of theone more data preservation measures.

The decoupled source is schematically shown at numeral 616.

In the exemplary embodiment, the front-end communications module 604 andthe back-end communications module 608 may be implemented ascommunications ports for the respective communications. It will beappreciated that the terms “front-end” and “back-end” are used todesignate the multi-directional communications capability and theone-way uni-directional downlink limitation respectively, and should notbe taken to be literally limited to a front side or back side of thesecured query proxy device 600.

In the exemplary embodiment, the front-end communications module 604 isconfigured to query a database storing spectrum information (not shown)using information received at the input module 612. The information isassociated with the communications network obtained from the decoupledsource.

In the exemplary embodiment, the one or more information-processingmodules e.g. 614 may comprise an encoder to apply encoding as one of theone or more data preservation measures. The one or moreinformation-processing modules e.g. 614 may also comprise an encryptionmodule to apply encryption as another one of the one or more datapreservation measures. In the exemplary embodiment, the processingmodule 602 may be configured to instruct or to configure the back-endcommunications module 608 to schedule a periodic transmission of, and toperiodically transmit, the received information as one of the one ormore data preservation measures. In some exemplary embodiments, controlinformation may be sent with the data.

In the exemplary embodiment, the input module 612 functions tofacilitate the decoupled source that is decoupled from thecommunications network. For example, the input module 612 may be a userinterface module to connect to a user interface that acts as thedecoupled source. In some embodiments, the user interface module mayprovide the user interface integrated with the device 600. In some otherembodiments, the input module 612 may be a communications port tofacilitate and receive communications from another secured query proxydevice (compare 310 of FIG. 3). In yet other exemplary embodiments, theinput module 612 may alternatively be another database, such as aread-only database, that stores information associated with a firstcommunications network (compare 104 of FIG. 1, 204 of FIG. 4 and 304 ofFIG. 3). In such embodiments, the secured query proxy device isconfigured to access the another database to obtain informationassociated with the first communications network.

In various exemplary embodiments, encoding may be performed in the formof a parity check. In some exemplary embodiments, a single parity checkis performed on binary transmission streams. In these embodiments, aparity bit (which may be an even parity bit or an odd parity bit) iscomputed and added to the end of every data unit before beingtransmitted, e.g. at a secured query proxy device.

In one exemplary embodiment, an even parity is used. In this embodiment,for a predetermined number of bits provided, the number of bits with avalue of ‘1’ is counted. If this number is an odd number, the parity bitvalue is set to T. As a result, the total number of occurrence of thevalue ‘1’ would be an even number. If the number of bits with the valueof ‘1’ is an even number, the parity bit value is set to ‘0’.

In another exemplary embodiment, an odd parity is used. In thisembodiment, for a predetermined number of bits provided, the number ofbits with a value of ‘1’ is counted. If this number is an even number,the parity bit value is set to T. As a result, the total number ofoccurrence of the value ‘1’ would be an odd number. If the number ofbits with the value ‘1’ is an odd number, the parity bit value is set to‘0’.

After a receiving end, e.g. at a spectrum utilizing device, receives thetransmitted data (including the data unit and the parity bit), anotherparity bit is computed at a receiving end based on the received data.The generated parity bit is then compared with the parity bit sent bythe transmitter. If the parity bits match, it is determined that thedata unit does not contain an error. Conversely, if the parity bits donot match, it is determined that the data unit contain an error.

It is recognized that other forms of data integrity checks may beimplemented apart from parity bits check. For example, hashing may bealternatively be used. As another example, Cyclic Redundancy Check (CRC)may also be alternatively used.

In various exemplary embodiments, parity check or CRC or the like may beperformed as a form of error detection, such as transmission errors. Itwill be appreciated that any other form of parity check or CRC or errordetection may be applied to the exemplary embodiments.

In various exemplary embodiments, encryption may be optionallyimplemented. In such embodiments, Advanced Encryption Standard (AES),Data Encryption Standard (DES) or any other forms of encryption may beapplied.

In various exemplary embodiments, an information-processing module suchas the encoding module 228 of FIG. 2B may be configured to generate textbased on information/data received that may comprise control informationand other information e.g. of a list of available channels/spectrums. Invarious exemplary embodiments, control information is used intransmission and reception of data before being received at theinformation-processing module. Such control information may compriseidentifier(s) for the database storing spectrum information, the securedquery proxy device, the communications network(s) formed by the one ormore spectrum utilising devices, or the one or more spectrum utilisingdevices themselves. Control information may also broadly comprise dataassociated with ensuring data integrity. In some exemplary embodiments,such data includes, but is not limited to, data associated with encodingdata in certain intervals, numbering of a sequence of data, fixing aformat of data and fixing a sequence of sending the data. For example,the first line in a data may indicate the message format (e.g. number oflines) and the second line in the data may include a number of fieldswith further information (e.g. a first field indicates a device ID with6 bytes, a second field indicates a first available frequency with 4bytes, a third field indicates a second available frequency with 4bytes, etc). One purpose of utilising such control information may be toidentify whether data integrity has been compromised.

In various exemplary embodiments, the information-processing module isconfigured to erase/remove command or executable information from thereceived data. In exemplary embodiments, any suitable method to stripthe control information from the received data may be utilised. Suchstripping may comprise a raster-sweep of received information todetermine if there exists code within the received information.

In various exemplary embodiments, the information-processing module isconfigured to thereafter convert the generated data into a final data inthe form of plain text or other non-command format, such that thedata/information is not able to effect programming changes or operationsof the receiving devices e.g. of the network 104 of FIG. 1. Thus, theinformation processing may be useful for the prevention of attacks orhacking.

The described exemplary embodiments may provide a method and system toreceive spectrum information such as GLDB data via e.g. a public networkby utilizing a proxy device or a secured query proxy device that obtainsinformation of a spectrum utilizing network. The spectrum utilizingnetwork may be a DSA or TVWS network. It will be appreciated that theexemplary embodiments are not intended to be limited to TVWS.

In certain described exemplary embodiments, a secured query proxy devicetermed a Secured Database Access System (SecDAS) may pre-process thedata received from a GLDB and determines a suitable one-way protocol forthe data to be sent to a TVWS network for the network to select whichfrequencies to be the most suitable for communication. The protocolrefers to interfaces and methods of interpreting data transmissionbetween two modules/entities. Therefore, interfaces (e.g. serialinterface, Ethernet interface etc.) are considered as part of theprotocol. In some exemplary embodiments, encoding/decoding, periodictransmissions, encryption/decryption are also considered part of theprotocol. In such described exemplary embodiments, the SecDAS isconfigured to strip off or remove or process any control information andonly transmits information/data in plain text or other non-command,non-executable format containing e.g. the list of channels available andthe associated parameters to the TVWS network.

In the described exemplary embodiments, by incorporating into a spectruminformation query system a secured query proxy device that is configuredfor a one-way downlink (i.e. only permitting one-way traffic) to one ormore spectrum utilising devices forming a communications network such asa TVWS network, potential avenues for hacking (such as backdoor hackingor theft of data) into the secured network (such as a TVWS network) maybe eliminated. The secured query proxy device also implements additionalinformation-processing or measures to ensure data integrity. Encodingchecks using e.g. CRC checks, parity bit checks, comparison of data fromperiodic transmissions, and checks based on determining the format ofdata received etc., may be measures implemented. One or more suchmeasures may prevent data tampering and can also allow data tampering tobe detected at the one or more spectrum utilising devices. As a result,security of the spectrum information query system is enhanced.

In the described exemplary embodiments, spectrum utilizing devices e.g.of a wireless communications network may use a secured query proxydevice to query a GLDB via a public or unsecured network but yet can beisolated from the public network in order to avoid hacking or otherundesired behavior/attacks. The secured query proxy device, e.g. termedas SecDAS, is disposed as a proxy device between a GLDB and the networkof spectrum utilizing devices. Thus, the spectrum utilizing devices mayquery the GLDB via the SecDAS instead of directly. The SecDAS obtains orcontains information regarding the wireless communications network. TheSecDAS implements encryption of the information associated to thewireless communication network e.g. before storing the information inthe SecDAS. This may prevent information from being obtained illegallyor stolen e.g. by hacking. The SecDAS can perform e.g. encoding andencrypting of data received from the GLDB and sending of the encoded andencrypted data via a one-way hardware link e.g. in plain text or othernon-command format. In the described exemplary embodiments, a reversalof the information processing (such as application of one or more datapreservation measures) at the SecDAS can be performed at the wirelesscommunications network. For example, decrypting and decoding the datamay be performed at the wireless communications network in order tocarry out wireless communication.

In the described exemplary embodiments, DSA or TVWS schemes may beprovided for private networks or networks which may benefit fromisolation from a public or unsecured network e.g. in order to avoid anypotential backdoor attacks via e.g. a direct GLDB link.

The terms “coupled” or “connected” as used in this description areintended to cover both directly connected or connected through one ormore intermediate means, unless otherwise stated.

In addition, the communications described in the present disclosure maybe wireless communications, wired communications or both.

In exemplary embodiments, a secured query proxy device is described as aproxy between a first communications network and a database storingspectrum information. It is appreciated that the exemplary embodimentsare not limited as such. That is, the secured query proxy device iscapable of functioning as a proxy for a plurality of communicationsnetworks in communication with the database storing spectruminformation. Further, the secured query proxy device may also query morethan one databases storing spectrum information.

The description herein may be, in certain portions, explicitly orimplicitly described as algorithms and/or functional operations thatoperate on data within a computer memory or an electronic circuit. Thesealgorithmic descriptions and/or functional operations are usually usedby those skilled in the information/data processing arts for efficientdescription. An algorithm is generally relating to a self-consistentsequence of steps leading to a desired result. The algorithmic steps caninclude physical manipulations of physical quantities, such aselectrical, magnetic or optical signals capable of being stored,transmitted, transferred, combined, compared, and otherwise manipulated.

Further, unless specifically stated otherwise, and would ordinarily beapparent from the following, a person skilled in the art will appreciatethat throughout the present specification, discussions utilizing termssuch as “scanning”, “calculating”, “determining”, “replacing”,“generating”, “initializing”, “outputting”, and the like, refer toaction and processes of an instructing processor/computer system, orsimilar electronic circuit/device/component, that manipulates/processesand transforms data represented as physical quantities within thedescribed system into other data similarly represented as physicalquantities within the system or other information storage, transmissionor display devices etc.

The description also discloses relevant device/apparatus for performingthe steps of the described methods. Such apparatus may be specificallyconstructed for the purposes of the methods, or may comprise a generalpurpose computer/processor or other device selectively activated orreconfigured by a computer program stored in a storage member. Thealgorithms and displays described herein are not inherently related toany particular computer or other apparatus. It is understood thatgeneral purpose devices/machines may be used in accordance with theteachings herein. Alternatively, the construction of a specializeddevice/apparatus to perform the method steps may be desired.

In addition, it is submitted that the description also implicitly coversa computer program, in that it would be clear that the steps of themethods described herein may be put into effect by computer code. Itwill be appreciated that a large variety of programming languages andcoding can be used to implement the teachings of the description herein.Moreover, the computer program if applicable is not limited to anyparticular control flow and can use different control flows withoutdeparting from the scope of the present disclosure.

Furthermore, one or more of the steps of the computer program ifapplicable may be performed in parallel and/or sequentially. Such acomputer program if applicable may be stored on any computer readablemedium. The computer readable medium may include storage devices such asmagnetic or optical disks, memory chips, or other storage devicessuitable for interfacing with a suitable reader/general purposecomputer. In such instances, the computer readable storage medium isnon-transitory. Such storage medium also covers all computer-readablemedia e.g. medium that stores data only for short periods of time and/oronly in the presence of power, such as register memory, processor cacheand Random Access Memory (RAM) and the like. The computer readablemedium may even include a wired medium such as exemplified in theInternet system, or wireless medium such as exemplified in bluetoothtechnology. The computer program when loaded and executed on a suitablereader effectively results in an apparatus that can implement the stepsof the described methods.

The exemplary embodiments may also be implemented as hardware modules. Amodule is a functional hardware unit designed for use with othercomponents or modules. For example, a module may be implemented usingdigital or discrete electronic components, or it can form a portion ofan entire electronic circuit such as an Application Specific IntegratedCircuit (ASIC). A person skilled in the art will understand that theexemplary embodiments can also be implemented as a combination ofhardware and software modules.

Additionally, when describing some embodiments, the disclosure may havedisclosed a method and/or process as a particular sequence of steps.However, unless otherwise required, it will be appreciated the method orprocess should not be limited to the particular sequence of stepsdisclosed. Other sequences of steps may be possible. The particularorder of the steps disclosed herein should not be construed as unduelimitations. Unless otherwise required, a method and/or processdisclosed herein should not be limited to the steps being carried out inthe order written. The sequence of steps may be varied and still remainwithin the scope of the disclosure.

Further, in the description herein, the word “substantially” wheneverused is understood to include, but not restricted to, “entirely” or“completely” and the like. In addition, terms such as “comprising”,“comprise”, and the like whenever used, are intended to benon-restricting descriptive language in that they broadly includeelements/components recited after such terms, in addition to othercomponents not explicitly recited. Further, terms such as “about”,“approximately” and the like whenever used, typically means a reasonablevariation, for example a variation of +/−5% of the disclosed value, or avariance of 4% of the disclosed value, or a variance of 3% of thedisclosed value, a variance of 2% of the disclosed value or a varianceof 1% of the disclosed value.

It will be appreciated by a person skilled in the art that othervariations and/or modifications may be made to the specific embodimentswithout departing from the scope of the present disclosure as broadlydescribed. The present embodiments are, therefore, to be considered inall respects to be illustrative and not restrictive.

The invention claimed is:
 1. A spectrum information query system, thesystem comprising, a database storing spectrum information; one or morespectrum utilising devices forming a first communications network; and asecured query proxy device, the secured query proxy device configured tocommunicate at its front-end with the database storing spectruminformation, wherein the secured query proxy device is configured at itsback-end for a one-way downlink to the first communications network; adecoupled source that is decoupled from the first communicationsnetwork, the source being coupled to the secured query proxy device,wherein the secured query proxy device is configured to obtaininformation associated with the first communications network via thedecoupled source, the secured query proxy device being furtherconfigured to perform encryption of obtained information associated withthe first communications network obtained from the decoupled source; andwherein the secured query proxy device is further configured to applyone or more data preservation measures to the received spectruminformation prior to transmission of the received spectrum informationto the first communications network via the one-way downlink.
 2. Thesystem as claimed in claim 1, further comprising the secured query proxydevice being configured to query the database storing spectruminformation using the information associated with the firstcommunications network obtained from the decoupled source that isdecoupled from the first communications network.
 3. The system asclaimed in claim 1, wherein the secured query proxy device is configuredto encode the received spectrum information as one of the one or moredata preservation measures.
 4. The system as claimed in claim 1, whereinthe secured query proxy device is configured to encrypt the receivedspectrum information as one of the one or more data preservationmeasures.
 5. The system as claimed in claim 1, wherein the secured queryproxy device is configured to schedule a periodic transmission of thereceived spectrum information to the first communications network viathe one-way downlink as one of the one or more data preservationmeasures.
 6. The system as claimed in claim 1, wherein the secured queryproxy device comprises a user interface module to facilitate thedecoupled source that is decoupled from the first communicationsnetwork.
 7. The system as claimed in claim 1, wherein the secured queryproxy device is configured to access another database that functions asa decoupled source that is decoupled from the first communicationsnetwork, the another database storing the information associated withthe first communications network.
 8. The system as claimed in claim 1,further comprising another secured query proxy device to function as thedecoupled source that is decoupled from the first communications networkand as a proxy between the secured query proxy device and the firstcommunication network, the another secured query proxy device comprisingat least one one-way communication link.
 9. The system as claimed inclaim 1, wherein at least one of the one or more spectrum utilisingdevices is configured to perform a reversal of the one or more datapreservation measures to recover the received spectrum information. 10.The system as claimed in claim 1, wherein the database storing spectruminformation comprises a Geo-Location Database (GLDB) and the informationassociated with the first communications network comprises geographicallocation information of the one or more spectrum utilising devices. 11.The system as claimed in claim 1, wherein the secured query proxy deviceis further configured to process received spectrum information receivedfrom the database storing spectrum information into non-executableinformation prior to application of the one or more data preservationmeasures.
 12. A method of querying a database storing spectruminformation, the method comprising, providing a database storingspectrum information; providing one or more spectrum utilising devicesforming a first communications network; and providing a secured queryproxy device functioning as a proxy device between the firstcommunications network and the database storing spectrum information;providing a decoupled source that is decoupled from the firstcommunications network, the source being coupled to the secured queryproxy device; obtaining information associated with the firstcommunications network at the secured query proxy device via thedecoupled source; encrypting at the secured query proxy device theobtained information associated with the first communications networkobtained from the decoupled source; using the secured query proxy deviceto communicate at its front-end with the database storing spectruminformation; using the secured query proxy device at its back-end for aone-way downlink to the first communications network; and applying oneor more data preservation measures at the secured query proxy device tothe received spectrum information prior to transmission of the receivedspectrum information to the first communications network via the one-waydownlink.
 13. The method as claimed in claim 12, further comprisingquerying the database storing spectrum information using the securedquery proxy device that is in turn using the information associated withthe first communications network obtained from the decoupled source thatis decoupled from the first communications network.
 14. The method asclaimed in claim 12 or 13, further comprising encoding the receivedspectrum information as one of the one or more data preservationmeasures.
 15. The method as claimed in claim 12, further comprisingencrypting the received spectrum information as one of the one or moredata preservation measures.
 16. The method as claimed in claim 12,further comprising scheduling a periodic transmission of the receivedspectrum information by the secured query proxy device to the firstcommunications network via the one-way downlink as one of the one ormore data preservation measures.
 17. The method as claimed in claim 12,further comprising providing a user interface module at the securedquery proxy device to facilitate the decoupled source that is decoupledfrom the first communications network.
 18. The method as claimed inclaim 12, further comprising accessing another database that functionsas a decoupled source that is decoupled from the first communicationsnetwork, the another database storing the information associated withthe first communications network.
 19. The method as claimed in claim 12,further comprising providing another secured query proxy devicefunctioning as the decoupled source that is decoupled from the firstcommunications network and as another proxy device between the firstcommunications network and the secured query proxy device; the anothersecured query proxy device comprising at least one one-way communicationlink.
 20. The method as claimed in claim 12, further comprisingperforming a reversal of the one or more data preservation measures torecover the received spectrum information at at least one of the one ormore spectrum utilising devices.
 21. The method as claimed in claim 12,wherein the database storing spectrum information comprises aGeo-Location Database (GLDB) and the information associated with thefirst communications network comprises geographical location informationof the one or more spectrum utilising devices.
 22. The method as claimedin claim 12, further comprising processing at the secured query proxydevice received spectrum information received from the database storingspectrum information into non-executable information prior toapplication of the one or more data preservation measures.
 23. A securedquery proxy device, the device comprising, a front-end communicationsmodule, the front-end communications module configured formulti-directional communications; a back-end communications module, theback-end communications module configured for a one-way communication;an input module, the input module configured to couple to a decoupledsource that is decoupled from a communications network; an encryptionmodule, the encryption module configured to encrypt informationassociated with the communications network; one or moreinformation-processing modules, the one or more information-processingmodules being configured to apply one or more data preservation measuresto the received information prior to transmission of the receivedinformation via the back-end communications module for the one-waycommunication.
 24. The device as claimed in claim 23, further comprisingthe front-end communications module being configured to query a databasestoring spectrum information using information associated with thecommunications network obtained from the decoupled source that isdecoupled from the communications network.
 25. The device as claimed inclaim 23, further comprising the one or more information-processingmodules being configured to encode the received information as one ofthe one or more data preservation measures.
 26. The device as claimed inclaim 23, further comprising the one or more information-processingmodules being configured to encrypt the received information as one ofthe one or more data preservation measures.
 27. The device as claimed inclaim 23, wherein the back-end communications module is configured toschedule a periodic transmission of the received information as one ofthe one or more data preservation measures.
 28. The device as claimed inclaim 23, wherein the input module comprises a user interface module tofacilitate the decoupled source that is decoupled from thecommunications network.
 29. The device as claimed in claim 23, whereinthe input module is configured to access another database that functionsas a decoupled source that is decoupled from the communications network,the another database storing the information associated with thecommunications network.
 30. The device as claimed in claim 23, whereinthe one or more information-processing modules is further configured toprocess received spectrum information received from the database storingspectrum information into non-executable information prior toapplication of the one or more data preservation measures.